Discover and read the best of Twitter Threads about #WinDBG
Most recents (4)
Am Mittwoch treten das neue #Windenergieflächenbedarfsgesetz (#WindBG) und die Änderungen im Baugesetzbuch (BauGB) zur #Flächenausweisung für die #Windenergie in Kraft. Ein wichtiger Schritt für mehr Windenergie, aber mit Defiziten beim Tempo – eine Einordnung mit Ausblick 1/n 
Das WindBG ist ein wichtiger Schritt auf dem Weg zur #Klimaneutralität. Erstmalig gibt es einen Fahrplan, um die voraussichtlich erforderlichen 2 % der Landesflächen für die Windenergie planerisch auszuweisen inkl. einer Aufteilung der Mengen auf die Bundesländer. 2/n
Das ist ein großer Fortschritt. Schon bisher mussten die Planungsträger der Windenergie „substantiell Raum verschaffen“. Wie viel Fläche jeweils auszuweisen war, ließ sich aber kaum beziffern. Eine Kopplung dieser Vorgabe an steigende Windausbau- und Klimaschutzziele fehlte. 3/n
Here are 11 reasons why we should use #HyperDbg, the differences between HyperDbg and #WinDbg, and how HyperDbg will change our debugging/reversing journey.
A thread (24 tweets) 🧵:
A thread (24 tweets) 🧵:
1. !epthook/!epthook2: a.k.a hidden hooks, HyperDbg implements classic EPT hook (!epthook) combined with old detour methods (!epthook2). It's super fast and invisible! By looking at the memory, neither the operating system nor the application ever understands that /
there is a hook.
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/using-hyperdbg…
2. !monitor: HyperDbg simulates hardware debug registers but this time without any limitation in size and transparent from the operating system.
Imagine you can get notified about /
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/commands/exten…
docs.hyperdbg.org/using-hyperdbg…
2. !monitor: HyperDbg simulates hardware debug registers but this time without any limitation in size and transparent from the operating system.
Imagine you can get notified about /
[#thread 🧵] Last week in #Microsoft #PatchTuesday, a critical vulnerability was patched that theoretically allows attackers to achieve Remote Code Execution on a target #IIS server (CVE-2022-21907). I'll explain how it works in this thread ⬇️
[#thread 🧵(2/9)] A bit of History !
First of all, it is important to know that this vulnerability is a sibling of CVE-2021-31166 disclosed in May of last year. These two vulnerabilities occur in the parsing of HTTP headers of an incoming request, within the http.sys driver.
First of all, it is important to know that this vulnerability is a sibling of CVE-2021-31166 disclosed in May of last year. These two vulnerabilities occur in the parsing of HTTP headers of an incoming request, within the http.sys driver.
[#thread 🧵(3/9)] But what happens exactly 🤔 ?
To understand what happens in a kernel driver crash, It's important to analyze the kernel #crashdump generated at the moment of the blue screen! Let's open it in #WinDbg and analyze it!
To understand what happens in a kernel driver crash, It's important to analyze the kernel #crashdump generated at the moment of the blue screen! Let's open it in #WinDbg and analyze it!
Packages sets and #SMT sets. Windows uses 5 fields in the KPRCB to determine correct scheduling decisions when dealing with logical processor topologies. The first field, #CoresPerPhysicalProcessor, determines wheter this logical processor is part of a multicore package. /1
It's computed from the CPUID returned by the processor and rounded to a power of 2. The 2nd field, #LogicalProcessorPerCore, determines wheter the logical processor is part of an SMT set, such as on an AMD with SMT, it is also queried through CPUID and rounded. /2
Multiplying these 2 numbers yields the number of logical processor per package, or an actual physical processor that fits into a socket. /3
